Opened 7 years ago
Last modified 7 years ago
#16835 new defect
rtlogFlush: Potential null pointer dereference — at Version 1
Reported by: | ColinIanKing | Owned by: | |
---|---|---|---|
Component: | guest control | Version: | VirtualBox 5.1.22 |
Keywords: | log null pointer dererference | Cc: | |
Guest type: | all | Host type: | Linux |
Description
Function rtlogFlush() in vboxguest/common/log/log.c performs a paranoid check:

    /*
     * If the ring buffer is active, the other destinations are only written
     * to when the ring buffer is flushed by RTLogFlush().
     */
    if (   (pLogger->fDestFlags & RTLOGDEST_RINGBUF)
        && pLogger->pInt
        && pLogger->pInt->pszRingBuf /* paranoia */)
    {
        rtLogRingBufWrite(pLogger->pInt, pLogger->achScratch, pLogger->offScratch);
        pLogger->offScratch = 0; /* empty the buffer. */
    }
    else
        ...
This implies that pLogger->pInt could be NULL (even if this is an unlikely, paranoid case). In the else path we have the following code that dereferences pLogger->pInt unconditionally, and hence we may have a NULL pointer dereference:

    if (pLogger->pInt->pfnFlush)
        pLogger->pInt->pfnFlush(pLogger);
I guess this is unlikely, but I think it would be good to correctly sanity-check this corner case.
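The inconsistency the ticket describes, reduced to a stand-alone C model. This is an added illustration, not VirtualBox code: the struct layout, the RTLOGDEST_RINGBUF value and the helper names (flushUnguarded, flushGuarded, wouldDerefNullPInt, countingFlush) are constructed here. flushUnguarded keeps the shape of the quoted function, where pInt is tested in the ring-buffer branch but dereferenced in the else branch; wouldDerefNullPInt reports, without executing the faulty path, the logger state that reaches that dereference with pInt == NULL; flushGuarded shows the check the ticket asks for.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the RTLOGGER fields the ticket mentions.
 * Field names follow the ticket; the flag value and layout are assumptions,
 * not VirtualBox's definitions. */
#define RTLOGDEST_RINGBUF 0x10u

struct Logger;

typedef struct LoggerInt {
    const char *pszRingBuf;                /* non-NULL only when a ring buffer is in use */
    void      (*pfnFlush)(struct Logger *); /* optional per-destination flush callback */
    unsigned    cFlushCalls;               /* instrumentation for this demo */
} LOGGERINT;

typedef struct Logger {
    uint32_t   fDestFlags;
    LOGGERINT *pInt;          /* the pointer the ticket says may be NULL */
    char       achScratch[64];
    size_t     offScratch;
} LOGGER;

/* Outcome codes so callers can see which branch ran. */
enum { FLUSH_RINGBUF = 1, FLUSH_CALLBACK = 2, FLUSH_NO_CALLBACK = 3, FLUSH_SKIPPED = 4 };

static void countingFlush(LOGGER *pLogger)
{
    pLogger->pInt->cFlushCalls++;
    pLogger->offScratch = 0;
}

/* Same shape as the code quoted in the ticket: pInt is guarded in the
 * ring-buffer branch but dereferenced unconditionally in the else branch. */
static int flushUnguarded(LOGGER *pLogger)
{
    if (   (pLogger->fDestFlags & RTLOGDEST_RINGBUF)
        && pLogger->pInt
        && pLogger->pInt->pszRingBuf)
    {
        pLogger->offScratch = 0;   /* stand-in for rtLogRingBufWrite() */
        return FLUSH_RINGBUF;
    }
    if (pLogger->pInt->pfnFlush)   /* NULL dereference when pInt == NULL */
    {
        pLogger->pInt->pfnFlush(pLogger);
        return FLUSH_CALLBACK;
    }
    return FLUSH_NO_CALLBACK;
}

/* Reports, without executing it, whether flushUnguarded() would dereference a
 * NULL pInt for this logger state: the ring-buffer branch is skipped and the
 * else branch then reads pInt->pfnFlush. */
static int wouldDerefNullPInt(const LOGGER *pLogger)
{
    int fRingBufPath = (pLogger->fDestFlags & RTLOGDEST_RINGBUF)
                    && pLogger->pInt && pLogger->pInt->pszRingBuf;
    return !fRingBufPath && pLogger->pInt == NULL;
}

/* The corner case handled: the else path checks pInt before using it. */
static int flushGuarded(LOGGER *pLogger)
{
    if (   (pLogger->fDestFlags & RTLOGDEST_RINGBUF)
        && pLogger->pInt
        && pLogger->pInt->pszRingBuf)
    {
        pLogger->offScratch = 0;
        return FLUSH_RINGBUF;
    }
    if (!pLogger->pInt)            /* the added sanity check */
        return FLUSH_SKIPPED;
    if (pLogger->pInt->pfnFlush)
    {
        pLogger->pInt->pfnFlush(pLogger);
        return FLUSH_CALLBACK;
    }
    return FLUSH_NO_CALLBACK;
}

int main(void)
{
    LOGGERINT internals = { NULL, countingFlush, 0 };
    LOGGER withInt = { 0, &internals, {0}, 5 };   /* constructed: pInt present, no ring buffer */
    LOGGER noInt   = { 0, NULL, {0}, 5 };         /* constructed: the pInt == NULL case */

    printf("pInt set:  guarded=%d unguarded=%d hazard=%d\n",
           flushGuarded(&withInt), flushUnguarded(&withInt), wouldDerefNullPInt(&withInt));
    printf("pInt NULL: guarded=%d hazard=%d (unguarded would crash here)\n",
           flushGuarded(&noInt), wouldDerefNullPInt(&noInt));
    return 0;
}
```

With pInt present both variants behave identically, so the extra check costs nothing on the normal path; with pInt NULL and the ring buffer not active, flushUnguarded reaches the `pInt->pfnFlush` read while flushGuarded returns FLUSH_SKIPPED.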